Documentation
Overview
Package authtoken provides JWT token generation and validation.
Index
- Constants
- Variables
- func GenerateAllowedRoles(roleHierarchy map[string][]string) []string
- func HasPermission(resolved map[string]bool, required string) bool
- func ResolvePermissions(roles []string, directPermissions []string, customRoles map[string][]string) map[string]bool
- type CustomClaims
- type Permission
- type Token
Constants
const (
	PermAgentRead        = client.PermAgentRead
	PermAgentWrite       = client.PermAgentWrite
	PermNodeRead         = client.PermNodeRead
	PermNodeWrite        = client.PermNodeWrite
	PermNetworkRead      = client.PermNetworkRead
	PermNetworkWrite     = client.PermNetworkWrite
	PermJobRead          = client.PermJobRead
	PermJobWrite         = client.PermJobWrite
	PermHealthRead       = client.PermHealthRead
	PermAuditRead        = client.PermAuditRead
	PermCommandExecute   = client.PermCommandExecute
	PermFileRead         = client.PermFileRead
	PermFileWrite        = client.PermFileWrite
	PermDockerRead       = client.PermDockerRead
	PermDockerWrite      = client.PermDockerWrite
	PermDockerExecute    = client.PermDockerExecute
	PermCronRead         = client.PermCronRead
	PermCronWrite        = client.PermCronWrite
	PermSysctlRead       = client.PermSysctlRead
	PermSysctlWrite      = client.PermSysctlWrite
	PermNtpRead          = client.PermNtpRead
	PermNtpWrite         = client.PermNtpWrite
	PermTimezoneRead     = client.PermTimezoneRead
	PermTimezoneWrite    = client.PermTimezoneWrite
	PermPowerExecute     = client.PermPowerExecute
	PermProcessRead      = client.PermProcessRead
	PermProcessExecute   = client.PermProcessExecute
	PermUserRead         = client.PermUserRead
	PermUserWrite        = client.PermUserWrite
	PermPackageRead      = client.PermPackageRead
	PermPackageWrite     = client.PermPackageWrite
	PermLogRead          = client.PermLogRead
	PermCertificateRead  = client.PermCertificateRead
	PermCertificateWrite = client.PermCertificateWrite
	PermServiceRead      = client.PermServiceRead
	PermServiceWrite     = client.PermServiceWrite
)
Permission constants re-exported from the SDK.
Variables
var AllPermissions = []Permission{
	PermAgentRead, PermAgentWrite,
	PermNodeRead, PermNodeWrite,
	PermNetworkRead, PermNetworkWrite,
	PermJobRead, PermJobWrite,
	PermHealthRead,
	PermAuditRead,
	PermCommandExecute,
	PermFileRead, PermFileWrite,
	PermDockerRead, PermDockerWrite, PermDockerExecute,
	PermCronRead, PermCronWrite,
	PermSysctlRead, PermSysctlWrite,
	PermNtpRead, PermNtpWrite,
	PermTimezoneRead, PermTimezoneWrite,
	PermPowerExecute,
	PermProcessRead, PermProcessExecute,
	PermUserRead, PermUserWrite,
	PermPackageRead, PermPackageWrite,
	PermLogRead,
	PermCertificateRead, PermCertificateWrite,
	PermServiceRead, PermServiceWrite,
}
AllPermissions is the full set of known permissions.
var DefaultRolePermissions = map[string][]Permission{
	client.RoleAdmin: {
		PermAgentRead, PermAgentWrite,
		PermNodeRead, PermNodeWrite,
		PermNetworkRead, PermNetworkWrite,
		PermJobRead, PermJobWrite,
		PermHealthRead,
		PermAuditRead,
		PermCommandExecute,
		PermFileRead, PermFileWrite,
		PermDockerRead, PermDockerWrite, PermDockerExecute,
		PermCronRead, PermCronWrite,
		PermSysctlRead, PermSysctlWrite,
		PermNtpRead, PermNtpWrite,
		PermTimezoneRead, PermTimezoneWrite,
		PermPowerExecute,
		PermProcessRead, PermProcessExecute,
		PermUserRead, PermUserWrite,
		PermPackageRead, PermPackageWrite,
		PermLogRead,
		PermCertificateRead, PermCertificateWrite,
		PermServiceRead, PermServiceWrite,
	},
	client.RoleWrite: {
		PermAgentRead,
		PermNodeRead, PermNodeWrite,
		PermNetworkRead, PermNetworkWrite,
		PermJobRead, PermJobWrite,
		PermHealthRead,
		PermFileRead, PermFileWrite,
		PermDockerRead, PermDockerWrite,
		PermCronRead, PermCronWrite,
		PermSysctlRead, PermSysctlWrite,
		PermNtpRead, PermNtpWrite,
		PermTimezoneRead, PermTimezoneWrite,
		PermProcessRead,
		PermUserRead, PermUserWrite,
		PermPackageRead, PermPackageWrite,
		PermLogRead,
		PermCertificateRead, PermCertificateWrite,
		PermServiceRead, PermServiceWrite,
	},
	client.RoleRead: {
		PermAgentRead,
		PermNodeRead,
		PermNetworkRead,
		PermJobRead,
		PermHealthRead,
		PermFileRead,
		PermDockerRead,
		PermCronRead,
		PermSysctlRead,
		PermNtpRead,
		PermTimezoneRead,
		PermProcessRead,
		PermUserRead,
		PermPackageRead,
		PermLogRead,
		PermCertificateRead,
		PermServiceRead,
	},
}
DefaultRolePermissions maps built-in role names to their granted permissions.
var RoleHierarchy = map[string][]string{
	"admin": {"read", "write", "admin"},
	"write": {"read", "write"},
	"read":  {"read"},
}
RoleHierarchy defines the relationship between roles and their associated scopes. Each role is mapped to a list of permissible scopes. This hierarchy is used to determine whether a user with a given role has access to specific actions.
Example:
- "admin" includes "read", "write", and "admin" scopes.
- "write" includes "read" and "write" scopes.
- "read" includes only the "read" scope.
Functions
func GenerateAllowedRoles
func GenerateAllowedRoles(roleHierarchy map[string][]string) []string
GenerateAllowedRoles extracts the keys from RoleHierarchy to create a list of allowed roles.
func HasPermission
func HasPermission(resolved map[string]bool, required string) bool
HasPermission checks whether the resolved set contains the required permission.
func ResolvePermissions
func ResolvePermissions(
	roles []string,
	directPermissions []string,
	customRoles map[string][]string,
) map[string]bool
ResolvePermissions computes the effective permission set for a token. If directPermissions is non-empty, it is returned directly (IdP override) and the roles are not consulted. Otherwise each role is expanded through customRoles first, falling back to DefaultRolePermissions for roles that customRoles does not define.
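A self-contained re-implementation of the documented ResolvePermissions and HasPermission contract, added here as an illustration and not the package's own code; the permission strings and the three-role table are constructed stand-ins for the real client.Perm* values and DefaultRolePermissions. It shows the two consequences a reviewer should keep in mind: a non-empty direct list replaces role grants rather than merging with them, and a custom role that reuses a built-in name shadows the built-in grant.

```go
package main

import "fmt"

// Constructed subset standing in for DefaultRolePermissions; the real table is
// keyed by client.RoleAdmin/RoleWrite/RoleRead and lists every Perm* constant.
var defaultRolePermissions = map[string][]string{
	"admin": {"agent:read", "agent:write", "command:execute"},
	"write": {"agent:read", "agent:write"},
	"read":  {"agent:read"},
}

// resolvePermissions mirrors the documented rules: a non-empty direct list is
// the IdP override and wins outright; otherwise each role is looked up in
// custom first and only then in the built-in table. An unknown role grants
// nothing rather than failing, so callers should still check HasPermission.
func resolvePermissions(roles, direct []string, custom map[string][]string) map[string]bool {
	out := map[string]bool{}
	if len(direct) > 0 {
		for _, p := range direct {
			out[p] = true
		}
		return out // roles are deliberately ignored here
	}
	for _, r := range roles {
		perms, ok := custom[r]
		if !ok {
			perms = defaultRolePermissions[r] // nil for unknown roles
		}
		for _, p := range perms {
			out[p] = true
		}
	}
	return out
}

// hasPermission is the documented membership check over the resolved set.
func hasPermission(resolved map[string]bool, required string) bool {
	return resolved[required]
}

func main() {
	custom := map[string][]string{"auditor": {"audit:read", "log:read"}}
	fmt.Println(resolvePermissions([]string{"read", "auditor"}, nil, custom))
	// Direct permissions replace, not extend, whatever the admin role would grant.
	fmt.Println(resolvePermissions([]string{"admin"}, []string{"health:read"}, nil))
}
```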
Types
type CustomClaims
type CustomClaims struct {
	Roles       []string `json:"roles" validate:"required,dive,oneof=read write admin"`
	Permissions []string `json:"permissions,omitempty"`
	jwt.RegisteredClaims
}
CustomClaims defines the structure of the token claims: the required Roles list (each entry validated against read, write, or admin), an optional direct Permissions list, and the standard registered JWT claims.
type Permission
type Permission = client.Permission
Permission is a type alias for client.Permission.
type Token
type Token struct {
	// contains filtered or unexported fields
}
Token is the implementation of the token operations.